Identity Management & Digital Signatures in the BioPharmaceutical Industry
John Hendrix; Program Director
CTST 2009
© 2009 SAFE-BioPharma Association
Overview
Conducting Business in the Electronic World
Regulatory & Legal Issues
Introduction to SAFE-BioPharma Association
How SAFE-BioPharma Members Overcome these Hurdles
Summary
Conducting Business in the Electronic World
Business Trends in the Biopharmaceutical Community
Revolution in life sciences and medical technology:
• Changing the way we live
• Expensive, complex, geography, many players
Need to improve safety, quality, development times:
• Paper costs must be reduced: 40% of R&D costs; 33% all healthcare costs
• Must look for ways to speed processes
Need to improve efficiencies, reduce costs:
• Shift to eClinical
• eRegulatory processes
• eHealthcare, e.g., UK, France, US
There is a pressing need to better allocate healthcare resources to deliver more new medicines and services to patients, faster and safely.
Business Drivers in the Electronic World
Business Process Improvement
– Standards based
– Interoperate regardless of technology or vendor
– Identity Management
  • Trust people’s identities: how do I know who is on the other end of a transaction
  • Establish risk based methods to confirm and authenticate identity
– Digitally sign documents
  • Eliminate wet signatures
– Eliminate multiple user IDs & passwords
Regulatory Requirements
– How is the eCTD implemented?
Legal Drivers
– Patent Protection
Trust/Identity Management Drivers
– How do I know…
Interoperability with Business Partners and Regulators
Regulatory and Legal Issues
Regulatory Requirements
• Sarbanes-Oxley
• HIPAA
• FDA 21 CFR Part 11
• e-SIGN
• PIPEDA
• IDABC
• EU Bridge
• Japan
• Privacy
• Basel II
• Control Frameworks: EAL, ETSI, ISO, NIST
• EUDRALEX
• Import/Export
• JPKI
• EU Directives
• US Bridge
Policy alignment and consistency is essential
Regulations all have an impact on your identity management strategy
Conflicting regulations increase risks and costs especially depending on geography
E-sig & D-sig Definitions
What is an Electronic Signature?
• Data in electronic form which is attached to or logically associated with other electronic data and which serve as a method of authentication.
• An electronic sound, symbol, or process, attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record.
What is a Digital Signature?
• A specific type of Electronic Signature.
• The Signature is based upon cryptographic methods of originator authentication, computed by using a set of rules and a set of parameters such that the identity of the signer and the integrity of the data can be verified.
Only specific digital signatures, generated under the requirements of the EU Directive, will qualify as an “advanced electronic signature” in the EU
Only “advanced electronic signatures” are the legal equivalent of handwritten signatures
A Comparison of Electronic and Digital Signature Features for the US and EU
Introduction to SAFE-BioPharma Association
Who is SAFE-BioPharma?
SAFE-BioPharma is a strategic initiative of the global biopharmaceutical industry to facilitate transformation to fully electronic
SAFE-BioPharma is a member-governed, not-for-profit enterprise
– SAFE-BioPharma standard
– Legal and contractual framework
– Bridge Trust infrastructure
– SAFE-BioPharma identity credentials
– Digital Signatures
– Authentication
  • Multi-factor
– SAFE-BioPharma-enabled products
SAFE-BioPharma Association
– Amgen - AstraZeneca - Premier
– BMS - GSK - Abbott
– Genzyme - J&J - Lilly
– Merck - Organon - MedNet World
– Pfizer - P&G - Novartis
– Roche - Sanofi-Aventis
The SAFE-BioPharma Standard
Business
– Operating Policies
– Contracts
– Processes
  • Agree to accept digitally signed transactions
  • Agree to limited liability caps
  • Agree to dispute resolution
  • Agree to identity assurance
  • Agree to self-audit & meet SAFE-BioPharma requirements
Technical & Identity
– Certificate Policy (PKI)
– Specifications
– Guidelines
  • Identity verification
  • Identity life cycle management
  • Comply with referenced standards
  • Follow security, audit & control requirements
  • Certification
The SAFE-BioPharma Standard is the Only Complete Set of Managed Business and Technical Policies, Procedures and Agreements for Digital Signing and Authentication in the Global BioPharma and Healthcare Communities to Foster Interoperability, Regulatory, and Legal Compliance
How SAFE-BioPharma Members Overcome These Hurdles
The SAFE-BioPharma Digital Certificate
SAFE-BioPharma Compliant Digital Signatures…
Help Members Overcome the Simple Electronic Signature Shortfalls such as…
SAFE-BioPharma Digital Signatures Overcome...
....While Enabling 1) Trust and Communication Among Members and All Stakeholders, 2) Platform/Program and Process Interoperability, 3) Regulatory and Legal Compliance, and 4) Risk Mitigation
Organizational Identity Management Issues
Scalability
– Different risk factors may require different levels of certificate
  • Differing methods of identity verification provide the ability to support multiple identity assurance levels
Flexibility
– Two assurance levels, based on the identity verification process, and four certificate types
  • Basic Assurance Software, Medium Assurance Software, Medium Assurance Hardware, Roaming Digital ID (Medium Assurance Software)
– As the level rises, so does the ability to strongly assert the identity
Collaborative development and partnering opportunities
– Access to partner systems
– User name and password management
Requirements for electronic submissions and electronic records
– Agencies establish e-submission guidance and regulations
Current hybrid systems do not support
– Most built around scanned signatures to PDF but still require paper retention
Options for Flexible Use
Two levels of trust:
– Basic Assurance for authentication
– Medium Assurance for trusted identity uniquely linked to authentication, digital signature and EU-qualified
Three digital signing technologies:
– Software
– Hardware (zero footprint now undergoing FIPS certification)
– Roaming
Three identity-proofing options:
– Antecedent – enterprise and on-line
– Trusted agent
– Notary – including office/home notary services
Member Public Key Infrastructure Options
Internal infrastructure
– Cross certified with SAFE Bridge
– BMS, J&J – soon others
Outsourced infrastructure
– Cross-certified with SAFE Bridge:
  • Chosen Security
  • Citibank
  • IdenTrust
  • Trans Sped
  • Verizon Business/Cybertrust
SAFE tiered services infrastructure (member-funded)
– External partners
– Regulatory uses
– Healthcare providers
– Members
The Global BioPharma eBusiness Challenge
[Diagram labels: CRO(s); Research Sites/Investigators; Trade/supply partner(s); Ethics Committees; Biopharma 1; Biopharma 2; Biopharma 3; EMEA; EU MS1; EU MS2; EU MS…n; MHLW; FDA]
If tackled independently: a recipe for a management nightmare
Simplifying Trust
[Diagram labels: EU Bridge; SAFE-BioPharma Bridge; US Federal Bridge; J&J; BMS; Sanofi-Aventis; Chosen; CITIGroup; Cybertrust; Identrust; Transped; HHS; FDA; EMEA; UK; France; Germany; Netherlands; MHRA; AFSSAPS; BfARM; MEB]
SAFE-BioPharma Pilots & Implementations
Organization | Pilots and Implementations
Abbott | ELN
Amgen | ELN, Clinical Research Info Exchange (CRIX)
AstraZeneca | ELN, eSubmissions (US); Investigator Portal; Global infrastructure
BMS | ELNs; Promotional material review (EU); eSubmissions; alliances
CDC-MedNet-SAFE-BioPharma | Cross-jurisdictional public health-disease surveillance
EMEA | EudraVigilance; eCTDs, regulatory submissions
GSK | eSubmissions, R&D docs; Global infrastructure
J&J | 90,000+ employees; eSubs; External partners; Records
Eli Lilly | eSubmissions
Merck | ELN
National Notary Association | Digital Notary Signature
Pfizer | ELNs; eSubmissions; contracts/SOWs; investigator portal
P&G | ELNs; contracts; HR
Premier | Supplier and member contracts
Sanofi-Aventis | ELNs, eSubmissions; Finance and Purchasing
Summary
SAFE-BioPharma meets Requirements for ubiquitous IT adoption
An Identity Management Trust Infrastructure
– Mitigate risk
– Secure infrastructure that ensures privacy & confidentiality
Business process improvement for both industry and regulators
– Reduce cost
– Increase productivity
– Reduce cycle times
Mandated globally accepted standards
Develop Global Regulatory compliance strategy
Vendor/technology neutral – interoperable
Legally enforceable
Collaborate with Healthcare industry